Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(470)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_log_verifier_nss.cc

Issue 1100003006: Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/ct_log_verifier.h ('K') | « net/cert/ct_log_verifier.cc ('k') | net/cert/ct_log_verifier_openssl.cc » ('j') | net/cert/ct_log_verifier_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_log_verifier.h" 5 #include "net/cert/ct_log_verifier.h"
6 6
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <keyhi.h> 8 #include <keyhi.h>
9 #include <nss.h> 9 #include <nss.h>
10 #include <pk11pub.h> 10 #include <pk11pub.h>
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
56 } 56 }
57 } 57 }
58 58
59 } // namespace 59 } // namespace
60 60
61 CTLogVerifier::~CTLogVerifier() { 61 CTLogVerifier::~CTLogVerifier() {
62 if (public_key_) 62 if (public_key_)
63 SECKEY_DestroyPublicKey(public_key_); 63 SECKEY_DestroyPublicKey(public_key_);
64 } 64 }
65 65
66 CTLogVerifier::CTLogVerifier() 66 bool CTLogVerifier::Init(const base::StringPiece& public_key) {
67 : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
68 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
69 public_key_(NULL) {}
70
71 bool CTLogVerifier::Init(const base::StringPiece& public_key,
72 const base::StringPiece& description) {
73 SECItem key_data; 67 SECItem key_data;
74 68
75 crypto::EnsureNSSInit(); 69 crypto::EnsureNSSInit();
76 70
77 key_data.data = reinterpret_cast<unsigned char*>( 71 key_data.data = reinterpret_cast<unsigned char*>(
78 const_cast<char*>(public_key.data())); 72 const_cast<char*>(public_key.data()));
79 key_data.len = public_key.size(); 73 key_data.len = public_key.size();
80 74
81 CERTSubjectPublicKeyInfo* public_key_info = 75 CERTSubjectPublicKeyInfo* public_key_info =
82 SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data); 76 SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data);
83 if (!public_key_info) { 77 if (!public_key_info) {
84 DVLOG(1) << "Failed decoding public key."; 78 DVLOG(1) << "Failed decoding public key.";
85 return false; 79 return false;
86 } 80 }
87 81
88 public_key_ = SECKEY_ExtractPublicKey(public_key_info); 82 public_key_ = SECKEY_ExtractPublicKey(public_key_info);
89 SECKEY_DestroySubjectPublicKeyInfo(public_key_info); 83 SECKEY_DestroySubjectPublicKeyInfo(public_key_info);
90 84
91 if (!public_key_) { 85 if (!public_key_) {
92 DVLOG(1) << "Failed extracting public key."; 86 DVLOG(1) << "Failed extracting public key.";
93 return false; 87 return false;
94 } 88 }
95 89
96 key_id_ = crypto::SHA256HashString(public_key); 90 key_id_ = crypto::SHA256HashString(public_key);
97 description_ = description.as_string();
98 91
99 // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are 92 // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
100 // supported. 93 // supported.
101 switch (SECKEY_GetPublicKeyType(public_key_)) { 94 switch (SECKEY_GetPublicKeyType(public_key_)) {
102 case rsaKey: 95 case rsaKey:
103 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; 96 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
104 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA; 97 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
105 break; 98 break;
106 case ecKey: 99 case ecKey:
107 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; 100 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
(...skipping 25 matching lines...) Expand all
133 SECStatus rv = VFY_VerifyDataDirect( 126 SECStatus rv = VFY_VerifyDataDirect(
134 reinterpret_cast<const unsigned char*>(data_to_sign.data()), 127 reinterpret_cast<const unsigned char*>(data_to_sign.data()),
135 data_to_sign.size(), public_key_, &sig_data, 128 data_to_sign.size(), public_key_, &sig_data,
136 GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_), 129 GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_),
137 NULL, NULL); 130 NULL, NULL);
138 DVLOG(1) << "Signature verification result: " << (rv == SECSuccess); 131 DVLOG(1) << "Signature verification result: " << (rv == SECSuccess);
139 return rv == SECSuccess; 132 return rv == SECSuccess;
140 } 133 }
141 134
142 } // namespace net 135 } // namespace net
OLDNEW
« net/cert/ct_log_verifier.h ('K') | « net/cert/ct_log_verifier.cc ('k') | net/cert/ct_log_verifier_openssl.cc » ('j') | net/cert/ct_log_verifier_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698